make it easier to configure SSL #3299

Closed
totaam opened this issue Oct 11, 2021 · 5 comments
Labels: client, enhancement (New feature or request), network

totaam commented Oct 11, 2021

provide a GUI via pinentry so that users can more easily accept new self-signed certificates and ignore address mismatch, etc

Some preparatory refactoring done in: 0cc4361 + 874ddc9.
Improved debug logging: 76a7bbd

This feature will require Python 3.7 or later so that we can retrieve the SSLCertVerificationError.verify_code: 5069ebd
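
As an added illustration (not xpra's code and not part of the original issue), the following shows how `verify_code` can drive a narrow override: only a self-signed leaf certificate or an address mismatch is offered to the user, and only that one check is relaxed on retry. The `handshake`, `confirm` and `fetch_pem` callables are hypothetical and supplied by the caller; the numeric codes are OpenSSL's `X509_V_ERR_*` values.

```python
import ssl

# OpenSSL X509_V_ERR_* numbers, as exposed in SSLCertVerificationError.verify_code
SELF_SIGNED = {18}            # DEPTH_ZERO_SELF_SIGNED_CERT
ADDRESS_MISMATCH = {62, 64}   # HOSTNAME_MISMATCH, IP_ADDRESS_MISMATCH


def classify(exc):
    """Return the one override that may be offered for this failure, or 'fatal'."""
    code = getattr(exc, "verify_code", None)
    if code in SELF_SIGNED:
        return "self-signed"
    if code in ADDRESS_MISMATCH:
        return "address-mismatch"
    return "fatal"  # expired, bad signature, unknown code: never offer to skip


def relax(ctx, kind, peer_pem=None):
    """Relax only the check the user agreed to; everything else stays enforced."""
    if kind == "address-mismatch":
        ctx.check_hostname = False                   # verify_mode stays CERT_REQUIRED
    elif kind == "self-signed":
        ctx.load_verify_locations(cadata=peer_pem)   # trust this one certificate
    else:
        raise ValueError("no override for %r" % kind)


def connect(handshake, confirm, fetch_pem=None):
    """handshake(ctx) performs the TLS connect, confirm(kind, text) asks the user,
    fetch_pem() returns the server certificate as PEM (all three are hypothetical
    callables supplied by the caller)."""
    ctx = ssl.create_default_context()
    accepted = set()
    while True:
        try:
            return handshake(ctx)
        except ssl.SSLCertVerificationError as e:
            kind = classify(e)
            text = getattr(e, "verify_message", str(e))
            # refuse fatal errors, repeated failures, and anything the user declines
            if kind == "fatal" or kind in accepted or not confirm(kind, text):
                raise
            relax(ctx, kind, fetch_pem() if kind == "self-signed" else None)
            accepted.add(kind)
```

Because the same context is reused, an accepted self-signed certificate that also fails the hostname check produces a second, separate prompt instead of one blanket bypass.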

totaam commented Oct 11, 2021

This works reasonably well but is being seriously hampered by a bug in pinentry:

cat > notok << EOF
SETPROMPT whatever
SETDESC desc
SETNOTOK please-show-this
CONFIRM
EOF
cat notok | pinentry

This does not show the please-show-this option, which is honoured by pinentry-gtk, pinentry-gtk-2 and pinentry-qt.

So we can't ask the user if he wants to permanently save the host key / skip the hostname check.

@basilgello

Which distro does the bug manifest?

totaam commented Oct 11, 2021

> Which distro does the bug manifest?

@basilgello That will be all of them: Fedora 34, Ubuntu 21.04 and 20.04, Debian Buster and Bullseye.
But as per above, only with the gtk variant, the other variants honour it.

totaam added a commit that referenced this issue Oct 12, 2021
add commented out 'GETINFO' examples
totaam added a commit that referenced this issue Oct 13, 2021
totaam added a commit that referenced this issue Oct 13, 2021
(and fix cert overwrite case: pass the filename, not the file object

totaam commented Oct 14, 2021

And pinentry just doesn't look very good at all on MacOS and MS Windows so we just re-use the dialogs we already have instead: 30d958a, and lots of other small updates - not all recorded against this ticket in the git commit message.
Works well enough on all platforms.

totaam commented Jul 8, 2024

Follow up in #4288

totaam changed the title from "make it easier to use ssl" to "make it easier to configure SSL" on Jul 8, 2024